-
-
Notifications
You must be signed in to change notification settings - Fork 91
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unifiedpush #152
Unifiedpush #152
Conversation
5af2057
to
fcfac64
Compare
I believe to find a bug: does it reregister with the new strategy, if you change it in the UI ? |
Yes it does, since the server does not act the same way depending on the strategy |
If merged as is, would this work with a Nextcloud NextPush UP server? Or would it only work with a MollySocket server? |
@dinosmm the mollysocket-server is needed to get the notification from signal per websocket to any UnifiedPush provider. So you need both. |
Is this a trick to avoid needing any change done to the Signal Server? |
Indeed, if the signal server allowed pushing to arbitrary endpoints (= push server addresses), then mollysocket would not be necessary. |
I have fixed the main issue with the unattended unregistration + Lint |
Except the alerts for the edge cases, I think this PR is now ready :) |
What are the security properties of MollySocket? Do you have to host your own? What security risks does using a 3rd party MollySocket server entail? Does it require a valid DNS entry? |
@SlugFiller you could run mollysocket without make it public as an Webservice ( and DNS record). The Unified Push Service has to be Public. MollySocket just has to be able, to reach the Unified Push Service and the Signal Server fore there Websocket. That is called Airgapped in the Documentation: I am not sure over the security risk. @p1gp1g should answer. |
Relative to Signal: MollySocket only receives credentials from a linked device.
[Edit: And of course, mollysocket knows when you receive encrypted data]
If you want the MollySocket endpoint to be accessible from the Internet: yes |
@p1gp1g Are the linked device credentials insufficient to send/read messages on the user's behalf? Can the credentials be reduced to something sufficient to detect a message, but insufficient to decrypt it? What about sending messages to the primary, like storage sync, which could read and edit contacts and groups? |
[1] Signal Server is technically able to change the identity key. I don't know how Signal client would react. In case of signal server compromise, your contact getting the client-side alert about identity key change is the last protection. Edit: I don't know if it is useful to list what can be edited. This edition is only destructive since you can't encrypt arbitrary data without the keypair. |
Actually, since everything is encrypted with the same protocol, the only risk is a destructive modification of some data. For instance, I can send junk as my Name but it won't be decrypted by signal clients |
Thanks @SlugFiller : I have added a note about security on the first message and on mollysocket repository. If you have any other thing in mind, please ask :) |
Just released a new testing APK: https://github.com/mollyim/mollyim-insider-android/releases/tag/v6.6.3-1.rev2%2Bunifiedpush I rebased your changes to latest Molly v6.6.3-1. I had to fixed a couple of minor conflicts. |
2c23082
to
d821abf
Compare
this looks really promising, am really hyped for it. this will be really cool for us trying to de-google. subscribed to the PR |
I am currently testing this and I'd like to point out that while it works fine, Molly still stays in the background as an active app, even though it doesn't need to. This should be disabled if the UnifiedPush notification method is used, as the whole point of this use case is not having the app constantly stay in the background. Side note, specifying a default MollySocket server would be great and less confusing to new users. Great work by the way! Really appreciate it :p |
That's because the websocket strategy needs the service being running, but the connection is active only when a message arrives. Even if the foreground service is active, it consumes less than the signal service with the continuous websocket (*) to signal server :) The REST strategy removes that foreground service but mollysocket becomes more verbose then, so you must be sure your unifiedpush distributor won't ban you (eg. rate limit)
Thanks :) * Actually, signal uses 2 websockets with the foreground service but that is off topic :) |
Switching to REST worked, thanks! I was specifically looking to reduce the amount of background processes on my device, ideally, to only have ntfy running (right now there's Forkgram still left, hopefully someone works on UnifiedPush, maybe I'll do it myself one day), and this PR really helps! Hopefully it gets merged soon. Also, as for rate limiting, if my migration from WebSocket background notifications to UnifiedPush goes well, I will probably just host my own server, so yeah. Thanks again for the PR, looking forward to the merge! |
Just be careful, you may get rate limited very fast with REST strategy and a public ntfy server |
Add missing summaries
In minified builds
Use new RemoteMessage constructor
What's holding up this PR? Is there something I can help with? |
We are releasing a new official build of Molly with UnifiedPush support. A first build is available here : https://github.com/mollyim/mollyim-android-unifiedpush/releases We will communicate about this soon :) |
How can we activate it? I don't see it anywhere in the settings. |
I'm happy to share some good news today! UnifiedPush support has finally landed in Molly. We've put a lot of effort into making this happen. Starting from now, UnifiedPush support is officially available in a separate app, that you can download from the GitHub Releases page here or Molly's F-droid FOSS repository here. I'm closing this pull-request now, but please note these changes have been already merged into the new repo: https://github.com/mollyim/mollyim-android-unifiedpush. It wouldn't have been possible without the incredible contributions and support from all of you. So, a massive thanks to everyone involved in making UnifiedPush a reality in Molly. |
Is there an upgrade path from the current app to the unified push version? If not, will there be in the future? Or does it make sense to just migrate now |
You can backup your data, install the other build and restore your data |
Will this be available for accrescent users? |
Not for now. It implies a significant extra workload. We'll do it when the process improves, either on our end or through Accrescent's efforts. UnifiedPush users can rely on the in-app updater to update the app. |
Hi @valldrac @p1gp1g and everyone else involved on this release, Hats off to you. I can confirm that it is working as intended in my phone. My phone's battery cannot thank you enough.
I figured it out. Needed the mollysocket. |
This pull request add UnifiedPush support to Molly. (Issue #88)
There will still be some changes and some elements are still missing, but it can now start to be reviewed and tested.
It requires a MollySocket server running (still in alpha) on a server.
The MollySocket build can be found here: https://github.com/MollySocket/mollysocket/releases
And this fork (Molly with unifiedpush) build here: https://github.com/mollyim/mollyim-insider-android/releases
How it works ?
* Modulo the configuration
About the configuration
Old and removed strategy conf
* There are 2 different fetch strategies: * REST: Every time MollySocket receives a(n encrypted) data : it notifies Molly via UnifiedPush and Molly fetch using the rest strategy (that's a built-in strategy) * Websocket: Every time MollySocket receives a(n encrypted) data : it notifies Molly via UnifiedPush if it hasn't notified the last 5 seconds. Then Molly open the websocket for 20secs. This strategy avoid to reach some rate limit for some public provider such as https://ntfy.sh but may increase a little bit the battery drain.Tests
It needs some tests to know which strategy is better for reliability and battery !
Your feedback is welcome to compare the efficiency of the different strategy: MollySocket/mollysocket#1.
About security
Relative to Signal security
MollySocket receives the credentials for a linked device and does not receive any encryption key. Which means:
Todo